Question No: 21 – (Topic 1)

Which of the following encryption modes are possible in WEP?

128 bit encryption

No encryption

256 bit encryption

40 bit encryption

Answer: A,B,D

Explanation: WEP supports three encryption modes, i.e., no encryption, 40 bit encryption, and 128 bit encryption. Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security, which is equivalent to wired networks, for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against the attacks that attempt to reveal the key stream. Answer: C is incorrect. WEP does not support 256 bit encryption.

Question No: 22 – (Topic 1)

Which of the following responsibilities does not come under the audit process?

Reporting all facts and circumstances of the irregular and illegal acts.

Planning the IT audit engagement based on the assessed level of risk.

Reviewing the results of the audit procedures.

Applying security policies.

Answer: A,B,C

Explanation: According to the standards of ISACA, an auditor should hold the following responsibilities: Planning the IT audit engagement based on an assessed level of risk. Designing audit procedures of irregular and illegal acts. Reviewing the results of the audit procedures. Assuming that acts are not isolated. Determining why the internal control system failed for that act. Conducting additional audit procedures. Evaluating the results of the expanded audit procedures. Reporting all facts and circumstances of the irregular and illegal acts. Distributing the report to the appropriate internal parties, such as managers.

Answer: D is incorrect. The auditor is not responsible for applying security policies.

Question No: 23 – (Topic 1)

You are responsible for a large network that has its own DNS servers. You periodically check the log to see if there are any problems. Which of the following are likely errors you might encounter in the log? (Choose three)

The DNS server could not create FTP socket for address [IP address of server]

The DNS server could not create an SMTP socket

Active Directory Errors

The DNS server could not create a Transmission Control Protocol (TCP) socket

The DNS server could not initialize the Remote Procedure Call (RPC) service

Answer: C,D,E

Explanation: There are a number of errors one could find in a Windows Server 2003 DNS log. They are as follows: The DNS server could not create a Transmission Control Protocol (TCP) socket. The DNS server could not open socket for address. The DNS server could not initialize the Remote Procedure Call (RPC) service. The DNS server could not bind the main datagram socket. The DNS Server service relies on Active Directory to store and retrieve information for Active Directory-integrated zones, and several Active Directory errors are possible.

Answer: B is incorrect. DNS Servers do not create FTP connections. Answer: A is incorrect. DNS Servers do not create SMTP connections.

Question No: 24 – (Topic 1)

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint. Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?

nmap -sS

nmap -sU -p

nmap -O -p

nmap -sT

Answer: C

Explanation: The nmap -O -p switch can be used to perform TCP/IP stack fingerprinting. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows etc. Answer: B is incorrect. The nmap -sU -p switch can be used to perform UDP port scanning. Answer: A is incorrect. The nmap -sS switch is used to perform a TCP half scan. TCP SYN scanning is also known as half-open scanning because in this a full TCP connection is never opened. Answer: D is incorrect. The nmap -sT switch is used to perform a TCP full scan.

Question No: 25 – (Topic 1)

You work as a Network Administrator for XYZ CORP. The company has a Linux-based network. The company needs to provide secure network access. You have configured a firewall to prevent certain ports and applications from forwarding the packets to the company's intranet. What does a firewall check to prevent these ports and applications from forwarding the packets to the intranet?

The network layer headers and the session layer port numbers

The application layer port numbers and the transport layer headers

The transport layer port numbers and the application layer headers

The presentation layer headers and the session layer port numbers

Answer: C

Explanation: A firewall stops delivery of packets that are not marked safe by the Network Administrator. It checks the transport layer port numbers and the application layer headers to prevent certain ports and applications from forwarding the packets to an intranet. Answer: D, A, and B are incorrect. These are not checked by a firewall.

Question No: 26 – (Topic 1)

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. You want to run two programs, foo and bar. You also want to ensure that bar is executed if and only if foo has executed successfully. Which of the following command sequences will John use to accomplish the task?

foo; bar;

foo || bar;

foo | bar;

foo && bar;

Answer: D

Explanation: According to the scenario, John will execute the foo && bar; command. Because of the && operator, bar will execute if and only if foo completes successfully. Answer: A is incorrect. The foo; bar; command sequence will run foo and bar in a sequential manner, but the successful completion of the first command does not matter. Answer: B is incorrect. The foo || bar; command sequence will run the bar if and only if foo fails to complete successfully. Answer: C is incorrect. In the foo | bar; command sequence, the output of the foo command will be the input for the bar command.

Question No: 27 – (Topic 1)

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is configuring the Apache Web server settings. He does not want the commands being used in the settings to be stored in the history. Which of the following commands can he use to disable history?

history !!

set +o history

history !N

set -o history

Answer: B

Explanation: According to the scenario, John can use the set +o history command to disable history. Answer: D is incorrect. John cannot use the set -o history command to accomplish his task. This command is used to enable disabled history.

Answer: A is incorrect. John cannot use the history !! command to accomplish his task. This command is used to see the most recently typed command. Answer: C is incorrect. John cannot use the history !N command to accomplish his task. This command is used to display the Nth history command.

Question No: 28 – (Topic 1)

You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try and diagnose this problem?

Antivirus log

IDS log

System log

Firewall log

Answer: A

Explanation: Check the antivirus log and see if it is detecting your file as a virus and deleting it. All antivirus programs have a certain rate of false positives. Since the file is being deleted from all computers, it seems likely that your antivirus has mistakenly identified that file as a virus. Answer: D is incorrect. The firewall log can help you identify traffic entering or leaving your network, but won't help with files being deleted. Answer: B is incorrect. An IDS log would help you identify possible attacks, but this scenario is unlikely to be from an external attack. Answer: C is incorrect. Your system log can only tell you what is happening on that individual computer.

Question No: 29 – (Topic 1)

Which of the following statements about a screened host is true?

It facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.

It is a small network that lies in between the Internet and a private network.

It provides added security by using Internet access to deny or permit certain traffic from the Bastion Host.

It provides a physical connection between computers within a network.

Answer: C

Explanation: A screened host provides added security by using Internet access to deny or permit certain traffic from the Bastion Host. Answer: D is incorrect. A network interface card provides a physical connection between computers within a network.

Answer: B is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer: A is incorrect. A proxy server facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.

not changed the default port values of the services, which of the following services is running on UDP port 137?

HTTP

TELNET

NetBIOS

HTTPS

Answer: C

Explanation: NetBIOS is a Microsoft service that enables applications on different computers to communicate within a LAN. NetBIOS systems identify themselves with a 15-character unique name and use Server Message Block, which allows Remote directory, file and printer sharing, etc. The default port value of NetBIOS Name Resolution Service is 137/UDP. Answer: A is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer: D is incorrect. The default port of HTTPS is TCP/443. Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Universal Resource Locator (URL) address line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL) then HTTPS, instead of HTTP protocol, should be used as a protocol type in the URL. Answer: B is incorrect. TELNET is a command-line connectivity tool that starts terminal emulation with a remote host running the telnet server service. TELNET allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It uses TCP port 23 by default.